On Sun, 2002-11-10 at 02:51, Ullrich Jans wrote:
> "vdongen" <vdongen@hetisw.nl> writes:
>
> > I wanted to know where the city I live in is:
> >
> > Googlism for: 's-gravenzande
> >
> > MYSQL Error in query:
> > INSERT INTO googlism (ism,alpha,date,type) VALUES ('\'s-
> > gravenzande', ''', now(), '3')
> > Error: You have an error in your SQL syntax. Check the manual that
> > corresponds to your MySQL server version for the right syntax to use
> > near '3')' at line 1
> >
> > nice :)
>
> Really nice.
>
> The problem here is, this is a potential security breach. I didn't
> look further into it, but I think this could be exploited rather
> trivially to execute shell code as the user the query runs under. Form
> there an attacker could run some local exploit and gain root...
But that's just a query being sent to MySQL. The worst case I see is
sending arbitrary queries to MySQL (eg, deleting everything in the
database).
> This should be looked into by the webmaster of googlism (CC'ed) ASAP!
Agreed.
Alex.
--
PGP Public Key: http://aoi.dyndns.org/~alex/pgp-public-key
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS d- s:++ a18 C++(++++)>$ UL+++(++++) P--- L+++>++++ E---- W+(+++) N-
o-- K+ w--- !O M(+) V-- PS+++ PE-- Y+ PGP+(+++) t* 5-- X-- R tv b- DI
D+++ G e h! !r y
------END GEEK CODE BLOCK------
Attachment:
signature.asc
Description: This is a digitally signed message part